From 13a8ab2e3d3ac91cab54ea2b13eeb890cd2ee387 Mon Sep 17 00:00:00 2001
From: Dimitrie Stefanescu
Date: Tue, 21 Apr 2020 11:40:22 +0100
Subject: [PATCH] feat(graphql): scaffolding

---
 modules/core/graph/resolvers/apitoken.js | 11 +++++++++++
 modules/core/graph/resolvers/user.js | 11 ++++++++---
 modules/core/graph/schemas/apitoken.graphql | 13 ++++++++++++-
 modules/core/graph/schemas/user.graphql | 6 +++++-
 4 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/modules/core/graph/resolvers/apitoken.js b/modules/core/graph/resolvers/apitoken.js
index df0c1f83f..4492c23a8 100644
--- a/modules/core/graph/resolvers/apitoken.js
+++ b/modules/core/graph/resolvers/apitoken.js
@@ -6,5 +6,16 @@ module.exports = {
 async apiTokens( parent, args, context, info ) {
 return await getUserTokens( context.userId )
 }
+ },
+ Mutation: {
+ async apiTokenCreate( parent, args, context, info ) {
+ //@todo enforce token creation authorization
+ await createToken( context.userId, args.name, args.scopes, args.lifespan )
+ },
+ async apiTokenRevoke( parent, args, context, info ) {
+ //@todo enforce token revokation authorization
+ await revokeToken( args.token )
+ return true
+ }
 }
 }
\ No newline at end of file
diff --git a/modules/core/graph/resolvers/user.js b/modules/core/graph/resolvers/user.js
index 1b5e3f820..efba0154b 100644
--- a/modules/core/graph/resolvers/user.js
+++ b/modules/core/graph/resolvers/user.js
@@ -8,10 +8,11 @@ module.exports = {
 Query: {
 async user( parent, args, context, info ) {
 if ( !context.auth ) throw new AuthenticationError( )
+
 if ( !args.id && !context.userId ) {
- throw new UserInputError( )
+ throw new UserInputError( 'You must provide an user id.' )
 }
- console.log(args)
+
 return await getUser( args.id || context.userId )
 }
 },
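Review bot: In modules/core/graph/resolvers/apitoken.js both new mutations run with no authentication or ownership check: neither `apiTokenCreate` nor `apiTokenRevoke` tests `context.auth` the way the `user` query in user.js does, and `apiTokenRevoke` hands `args.token` to `revokeToken` without reference to `context.userId`, so unless possession of the full token string is meant to be the proof of ownership, the caller's identity plays no part in which token is revoked. The two `//@todo` comments acknowledge the gap, but this same commit exposes the resolvers in the schema; at minimum each should begin with `if ( !context.auth ) throw new AuthenticationError( )` (assuming `AuthenticationError` is imported above the hunk, which is not visible here), and revocation should confirm the token belongs to `context.userId` before deleting it. `apiTokenCreate` also forwards the client-supplied `args.scopes` and `args.lifespan` unchanged, so unless `createToken` restricts them a caller can presumably request scopes it does not itself hold, or an unbounded lifetime. Separately, `apiTokenCreate` awaits `createToken` but returns nothing, so the `String` field resolves to null and the new token never reaches the client; `return await createToken( context.userId, args.name, args.scopes, args.lifespan )` would fix that if `createToken` returns the token string.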
@@ -22,7 +23,11 @@ module.exports = {
 return token
 },
 async userEdit( parent, args, context, info ) {
- // TODO
+ if ( context.userId !== args.user.id )
+ throw new AuthenticationError( 'Not authorized' )
+
+ await updateUser( context.userId, args.user )
+ return true
 },
 }
 }
\ No newline at end of file
diff --git a/modules/core/graph/schemas/apitoken.graphql b/modules/core/graph/schemas/apitoken.graphql
index f6899c216..41a3cc3df 100644
--- a/modules/core/graph/schemas/apitoken.graphql
+++ b/modules/core/graph/schemas/apitoken.graphql
@@ -11,6 +11,17 @@ type ApiToken {
 lastChars: String!
 scopes: [String]!
 createdAt: String! #date
- lifespan: Int!
+ lifespan: BigInt!
 lastUsed: String! #date
+}
+
+extend type Mutation {
+ """
+ Creates an api token.
+ """
+ apiTokenCreate(scopes: [String!]!, name: String!, lifespan: BigInt):String
+ """
+ Revokes (deletes) an api token.
+ """
+ apiTokenRevoke(token: String!):String
 }
\ No newline at end of file
diff --git a/modules/core/graph/schemas/user.graphql b/modules/core/graph/schemas/user.graphql
index b18d392c5..d2cb5e309 100644
--- a/modules/core/graph/schemas/user.graphql
+++ b/modules/core/graph/schemas/user.graphql
@@ -1,4 +1,7 @@
 extend type Query {
+ """
+ Gets the profile of a user. If no id argument is provided, will return the current authenticated user's profile (as extracted from the authorization header).
+ """
 user(id: String): User
 }

@@ -23,7 +26,7 @@ extend type Mutation {
 Temporary measure, equal to local registration. Should be disabled if local_auth is false.
 """
 userCreate(user: UserCreateInput): String
- userEdit(user: UserEditInput): String
+ userEdit(user: UserEditInput): Boolean
 }

 input UserCreateInput {
@@ -34,6 +37,7 @@ input UserCreateInput {
 }

 input UserEditInput {
+ id: String!
 name: String!
 username: String!
 company: String!
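Review bot: In `userEdit` (second hunk of modules/core/graph/resolvers/user.js) the whole client-supplied `args.user` object is passed to `updateUser`, including the `id` field this commit adds to `UserEditInput`; unless `updateUser` selects the editable columns itself (its body is not part of this patch), the resolver should pass only the fields meant to be editable, so that a later addition to the input type cannot silently become writable. The resolver also dereferences `args.user.id` before anything else while the schema still declares `userEdit(user: UserEditInput)` with a nullable argument, so a call that omits `user` surfaces as a TypeError instead of a `UserInputError`; declaring the argument as `UserEditInput!` or adding `if ( !args.user ) throw new UserInputError( 'You must provide a user.' )` closes that. For consistency with the `user` query, start with `if ( !context.auth ) throw new AuthenticationError( )` and report the id mismatch as an authorization failure rather than an authentication one, if the error library in use offers a distinct type for it.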
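Review bot: `apiTokenRevoke(token: String!):String` in modules/core/graph/schemas/apitoken.graphql declares a `String` result, but the resolver added to apitoken.js in this commit returns `true`, which would typically be serialized as the string "true"; the field should be `apiTokenRevoke(token: String!): Boolean`, matching the `userEdit` change in user.graphql. The docstring on `apiTokenCreate` should say what the returned string is (presumably the full token, available only at creation time) and which unit `lifespan` uses. `lifespan` is an optional `BigInt` with no stated bounds and `scopes` accepts arbitrary strings, so both need server-side validation against an allowed maximum and the set of scopes the caller may grant; the `BigInt` scalar itself must be declared elsewhere in the schema, which is not visible in this patch.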